Getting the official GPG keys to active package signature

Our packages for Debian are signed with the official gpg key of the project.

Getting the official gpg key

• Asking the gpg key from the keyserver

gpg --keyserver keys.openpgp.org --recv-key 0xFE0FEAE5AC483A86

• Exporting the gpg key to the debian keyring

gpg --export -a "FusionDirectory Packages Signing Key <contact@fusiondirectory.org>" > /usr/share/keyrings/fusiondirectory-archive.gpg

• In case fetching the gpog key from the gpg server doesn’t work

wget https://public.fusiondirectory.org/fusiondirectory-archive.gpg

Checking the official gpg key validity

• checking the gpg key validity

gpg --show-keys /usr/share/keyrings/fusiondirectory-archive.gpg
pub   rsa4096 2019-07-30 [SC] [expires: 2027-01-18]
    C3A287F0C5805909519632E7FE0FEAE5AC483A86
uid   FusionDirectory Packages Signing Key <contact@fusiondirectory.org>
sub   rsa4096 2019-07-30 [E] [expires: 2027-01-18]